Facebook profile viewer scams circulate, install suspicious extensions to mess with Firefox and Chrome

Facebook profile viewerThreatTrack security researcher Chris Boyd (aka "Paperghost") has detailed the latest in a growing number of attacks posing as "Facebook Profile Viewer" applications, but which actually aim to make sinister changes to victims' web browsers.

In a blog post Boyd explains how he came across a webpage on Tumblr with a name which suggested it could provide free lives for the famously addictive Candy Crush Saga Facebook game.

However, as you can see below, the webpage seems much more interested in encouraging you to find out who has been viewing your Facebook profile than improving your candy-matching skills:


The fake Profile Viewer promotion encourages users to delve further, with the following instructions:

To activate your Profile Viewer... follow the simple instructions below.

Step 1: Click Scan button.
Step 2: Click download file ProfileViewersSetup.exe and click yes when prompted to start scanning who viewed your profile.
Step 3: Once you click yes the results will be available to you.

Sure enough, if you click the scan button you begin to download a Windows executable program called ProfileViewersSetup.exe. I tried downloading the program on a Mac computer, and it was proactively identified by Sophos as Mal/Generic-S.

Malicious threat detected

Boyd reports that ThreatTrack's VIPRE product detects the file as Trojan.Win32.Clicker!BT.

But what if you weren't running an anti-virus program capable of intercepting this malware? What would happen then?

Well, if you download and run the executable on a Windows computer, a new .xpi extension called “WhoViewS 5.2″ will be installed into your Firefox browser. Suspiciously, the extension gives its homepage as microsoft.com and uses an Adobe Flash logo as its avatar.


Boyd says that he and his fellow researchers at ThreatTrack are continuing to analyse the purpose of this extension, but it's clear that it's intentions are not good. In the past rogue Firefox extensions have been seen that interfere with your search settings, display pop-up advertising, redirect browsers to webpages that earn cybercriminals affiliate cash and so forth.

Indeed, if you're not using Firefox on your computer but are a Chrome-lover instead you will find your preferred browser has started redirecting you to pages that ask you to complete surveys - again, with the intention of earning money for the scammers.

I've said it before, and I'll say it again. There is *no* way that you can find out who has been looking at your Facebook profile. So putting your personal computer and data at risk by hunting for a solution.

If you want to learn more about the latest Facebook scams, and ways to protect yourself online, like the Graham Cluley Security News Facebook page.

Tags: , , , , , , , ,

Subscribe to the free GCHQ newsletter

, , , , , , , ,

Special offers & deals

  • Sticky Password Premium: Lifetime Subscription

    Sticky Password Premium: Lifetime Subscription

    Sticky Password protects your online identity by providing strong encrypted passwords for all your accounts, managed by a single master password known by you, and only you. Available for Mac, Windows, iOS, and Android. For a limited time, it's 80% off in our store.
  • IT Security & White Hat Hacking: CompTIA & Cisco Certifications

    IT Security & White Hat Hacking: CompTIA & Cisco Certifications

    Whether you're a beginner or mid-level professional, you'll want to take this comprehensive online course, to help you attain two industry-recognised certifications. You'll master mobile hacking, VPN technologies, penetration testing, and much more--giving you the knowledge you need to succeed in any IT workplace.

More deals...

Leave a reply

1 Comment on "Facebook profile viewer scams circulate, install suspicious extensions to mess with Firefox and Chrome"

Notify of

Sort by:   newest | oldest | most voted
July 4, 2013 2:48 pm

Is that just chrome?
Or all chromium browsers?